eCharge Hardy Barth OS Command Injection Vulnerability in cPH2 and cPP2 Charging Stations

Vulnerability

A vulnerability allowing OS command injection has been identified in the eCharge Hardy Barth cPH2 and cPP2 charging stations, specifically in the device firmware version 2.2.0. The issue arises in the '/var/salia/mqtt.php' script, where arbitrary OS commands can be executed with root privileges. This exploitation is achieved by publishing a specially crafted message to a specific MQTT topic.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution with root privileges on the affected charging stations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

eCharge Hardy Barth OS Command Injection Vulnerability in cPH2 and cPP2 Charging Stations

Vulnerability

Impact

Affected Products

eCharge Hardy Barth cPH2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating